Define a STORE type. For documentation, read the entry in CHANGES,

crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.

Define a STORE type. For documentation, read the entry in CHANGES,
crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.
a5db6fa5 · Richard Levitte · 9236b5b0 · a5db6fa5 · a5db6fa5 · a5db6fa5
16 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@

 Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]

+  *) Add the STORE type.  The intention is to provide a common interface
+     to certificate and key stores, be they simple file-based stores, or
+     HSM-type store, or LDAP stores, or...
+     NOTE: The code is currently UNTESTED and isn't really used anywhere.
+     [Richard Levitte]
+
  *) Add a generic structure called OPENSSL_ITEM.  This can be used to
     pass a list of arguments to any function as well as provide a way
     for a function to pass data back to the caller.

--- a/Makefile.org
+++ b/Makefile.org
@@ -178,7 +178,8 @@ SDIRS=  \
 	des rc2 rc4 rc5 idea bf cast \
 	bn ec rsa dsa ecdsa dh ecdh dso engine aes \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+	store

 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.

--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -30,7 +30,8 @@ SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn ec rsa dsa ecdsa ecdh dh dso engine aes \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+	store

 GENERAL=Makefile README crypto-lib.com install.com


--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -80,7 +80,8 @@ $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
-		  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5"
+		  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
+		  "STORE"
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -265,6 +266,7 @@ $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
 $ LIB_UI_COMPAT = ",ui_compat"
 $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
 $ LIB_KRB5 = "krb5_asn"
+$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
 $!
 $! Setup exceptional compilations
 $!

--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -135,6 +135,7 @@ typedef struct err_state_st
 #define ERR_LIB_COMP            41
 #define ERR_LIB_ECDSA		42
 #define ERR_LIB_ECDH		43
+#define ERR_LIB_STORE           44

 #define ERR_LIB_USER		128

@@ -165,6 +166,7 @@ typedef struct err_state_st
 #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
 #define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
 #define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
+#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)

 /* Borland C seems too stupid to be able to shift and do longs in
 * the pre-processor :-( */
@@ -219,6 +221,7 @@ typedef struct err_state_st
 #define ERR_R_COMP_LIB	ERR_LIB_COMP     /* 41 */
 #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA	 /* 42 */
 #define ERR_R_ECDH_LIB  ERR_LIB_ECDH	 /* 43 */
+#define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */

 #define ERR_R_NESTED_ASN1_ERROR			58
 #define ERR_R_BAD_ASN1_OBJECT_HEADER		59

--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -27,8 +27,10 @@ L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c
 L ENGINE	crypto/engine/engine.h		crypto/engine/eng_err.c
 L OCSP		crypto/ocsp/ocsp.h		crypto/ocsp/ocsp_err.c
 L UI		crypto/ui/ui.h			crypto/ui/ui_err.c
+L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
 L ECDSA		crypto/ecdsa/ecdsa.h		crypto/ecdsa/ecs_err.c
 L ECDH		crypto/ecdh/ecdh.h		crypto/ecdh/ech_err.c
+L STORE		crypto/store/store.h		crypto/store/str_err.c

 # additional header files to be scanned for function names
 L NONE		crypto/x509/x509_vfy.h		NONE

--- a/crypto/store/.cvsignore
+++ b/crypto/store/.cvsignore
+Makefile.save
+lib
--- a/crypto/store/Makefile.ssl
+++ b/crypto/store/Makefile.ssl
+#
+# OpenSSL/crypto/store/Makefile
+#
+
+DIR=	store
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= storetest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c
+LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= store.h str_compat.h
+HEADER=	$(EXHEADER) str_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+str_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+str_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+str_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+str_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+str_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+str_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+str_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+str_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+str_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+str_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+str_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+str_err.o: str_err.c
+str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+str_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+str_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
+str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h
+str_mem.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+str_mem.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+str_mem.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+str_mem.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+str_mem.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+str_mem.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_mem.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+str_mem.o: ../../include/openssl/stack.h ../../include/openssl/store.h
+str_mem.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+str_mem.o: ../../include/openssl/x509_vfy.h str_locl.h str_mem.c
+str_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+str_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+str_meth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+str_meth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+str_meth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+str_meth.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+str_meth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+str_meth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_meth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+str_meth.o: ../../include/openssl/stack.h ../../include/openssl/store.h
+str_meth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+str_meth.o: ../../include/openssl/x509_vfy.h str_locl.h str_meth.c
--- a/crypto/store/README
+++ b/crypto/store/README
+The STORE type
+==============
+
+A STORE, as defined in this code section, is really a rather simple
+thing which stores objects and per-object associations to a number
+of attributes.  What attributes are supported entirely depends on
+the particular implementation of a STORE.  It has some support for
+generation of certain objects (for example, keys and CRLs).
+
+
+Supported object types
+----------------------
+
+For now, the objects that are supported are the following:
+
+X.509 certificate
+X.509 CRL
+private key
+public key
+number
+
+The intention is that a STORE should be able to store everything
+needed by an application that wants a cert/key store, as well as
+the data a CA might need to store (this includes the serial number
+counter, which explains the support for numbers).
+
+
+Supported attribute types
+-------------------------
+
+For now, the following attributes are supported:
+
+Friendly Name		- the value is a normal C string
+Key ID			- the value is a 160 bit SHA1 hash
+Issuer Key ID		- the value is a 160 bit SHA1 hash
+Subject Key ID		- the value is a 160 bit SHA1 hash
+Issuer/Serial Hash	- the value is a 160 bit SHA1 hash
+Issuer			- the value is a X509_NAME
+Serial			- the value is a BIGNUM
+Subject			- the value is a X509_NAME
+Certificate Hash	- the value is a 160 bit SHA1 hash
+Email			- the value is a normal C string
+Filename		- the value is a normal C string
+
+It is expected that these attributes should be enough to support
+the need from most, if not all, current applications.  Applications
+that need to do certificate verification would typically use Subject
+Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
+S/MIME applications would typically use Email to look up recipient
+and signer certificates.
+
+There's added support for combined sets of attributes to search for,
+with the special OR attribute.
+
+
+Supported basic functionality
+-----------------------------
+
+The functions that are supported through the STORE type are these:
+
+generate_object		- for example to generate keys and CRLs
+get_object		- to look up one object
+			  NOTE: this function is really rather
+			  redundant and probably of lesser usage
+			  than the list functions
+store_object		- store an object and the attributes
+			  associated with it
+modify_object		- modify the attributes associated with
+			  a specific object
+revoke_object		- revoke an object
+			  NOTE: this only marks an object as
+			  invalid, it doesn't remove the object
+			  from the database
+delete_object		- remove an object from the database
+list_object		- list objects associated with a given
+			  set of attributes
+			  NOTE: this is really four functions:
+			  list_start, list_next, list_end and
+			  list_endp
+update_store		- update the internal data of the store
+lock_store		- lock the store
+unlock_store		- unlock the store
+
+The list functions need some extra explanation: list_start is
+used to set up a lookup.  That's where the attributes to use in
+the search are set up.  It returns a search context.  list_next
+returns the next object searched for.  list_end closes the search.
+list_endp is used to check if we have reached the end.
+
+A few words on the store functions as well: update_store is
+typically used by a CA application to update the internal
+structure of a database.  This may for example involve automatic
+removal of expired certificates.  lock_store and unlock_store
+are used for locking a store to allow exclusive writes.
--- a/crypto/store/store.h
+++ b/crypto/store/store.h
--- a/crypto/store/str_err.c
+++ b/crypto/store/str_err.c
+/* crypto/store/str_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA STORE_str_functs[]=
+	{
+{ERR_PACK(0,STORE_F_MEM_DELETE,0),	"MEM_DELETE"},
+{ERR_PACK(0,STORE_F_MEM_GENERATE,0),	"MEM_GENERATE"},
+{ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0),	"MEM_LIST_NEXT"},
+{ERR_PACK(0,STORE_F_MEM_LIST_START,0),	"MEM_LIST_START"},
+{ERR_PACK(0,STORE_F_MEM_STORE,0),	"MEM_STORE"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_CSTR,0),	"STORE_ATTR_INFO_get0_cstr"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_DN,0),	"STORE_ATTR_INFO_get0_dn"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_NUMBER,0),	"STORE_ATTR_INFO_get0_number"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,0),	"STORE_ATTR_INFO_get0_sha1str"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,0),	"STORE_ATTR_INFO_modify_cstr"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_DN,0),	"STORE_ATTR_INFO_modify_dn"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,0),	"STORE_ATTR_INFO_modify_number"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,0),	"STORE_ATTR_INFO_modify_sha1str"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_CSTR,0),	"STORE_ATTR_INFO_set_cstr"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_DN,0),	"STORE_ATTR_INFO_set_dn"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_NUMBER,0),	"STORE_ATTR_INFO_set_number"},
+{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0),	"STORE_ATTR_INFO_set_sha1str"},
+{ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0),	"STORE_CERTIFICATE"},
+{ERR_PACK(0,STORE_F_STORE_CRL,0),	"STORE_CRL"},
+{ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0),	"STORE_delete_certificate"},
+{ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0),	"STORE_delete_crl"},
+{ERR_PACK(0,STORE_F_STORE_DELETE_NUMBER,0),	"STORE_delete_number"},
+{ERR_PACK(0,STORE_F_STORE_DELETE_PRIVATE_KEY,0),	"STORE_delete_private_key"},
+{ERR_PACK(0,STORE_F_STORE_DELETE_PUBLIC_KEY,0),	"STORE_delete_public_key"},
+{ERR_PACK(0,STORE_F_STORE_GENERATE_CRL,0),	"STORE_generate_crl"},
+{ERR_PACK(0,STORE_F_STORE_GENERATE_KEY,0),	"STORE_generate_key"},
+{ERR_PACK(0,STORE_F_STORE_GET_CERTIFICATE,0),	"STORE_get_certificate"},
+{ERR_PACK(0,STORE_F_STORE_GET_CRL,0),	"STORE_get_crl"},
+{ERR_PACK(0,STORE_F_STORE_GET_NUMBER,0),	"STORE_get_number"},
+{ERR_PACK(0,STORE_F_STORE_GET_PRIVATE_KEY,0),	"STORE_get_private_key"},
+{ERR_PACK(0,STORE_F_STORE_GET_PUBLIC_KEY,0),	"STORE_get_public_key"},
+{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_END,0),	"STORE_list_certificate_end"},
+{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_NEXT,0),	"STORE_list_certificate_next"},
+{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_START,0),	"STORE_list_certificate_start"},
+{ERR_PACK(0,STORE_F_STORE_LIST_CRL_END,0),	"STORE_list_crl_end"},
+{ERR_PACK(0,STORE_F_STORE_LIST_CRL_NEXT,0),	"STORE_list_crl_next"},
+{ERR_PACK(0,STORE_F_STORE_LIST_CRL_START,0),	"STORE_list_crl_start"},
+{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_END,0),	"STORE_list_private_key_end"},
+{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,0),	"STORE_list_private_key_next"},
+{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_START,0),	"STORE_list_private_key_start"},
+{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_END,0),	"STORE_list_public_key_end"},
+{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0),	"STORE_list_public_key_next"},
+{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0),	"STORE_list_public_key_start"},
+{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0),	"STORE_NEW_ENGINE"},
+{ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0),	"STORE_new_method"},
+{ERR_PACK(0,STORE_F_STORE_NUMBER,0),	"STORE_NUMBER"},
+{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0),	"STORE_PARSE_ATTRS_END"},
+{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_NEXT,0),	"STORE_parse_attrs_next"},
+{ERR_PACK(0,STORE_F_STORE_PRIVATE_KEY,0),	"STORE_PRIVATE_KEY"},
+{ERR_PACK(0,STORE_F_STORE_PUBLIC_KEY,0),	"STORE_PUBLIC_KEY"},
+{ERR_PACK(0,STORE_F_STORE_REVOKE_CERTIFICATE,0),	"STORE_revoke_certificate"},
+{ERR_PACK(0,STORE_F_STORE_REVOKE_PRIVATE_KEY,0),	"STORE_revoke_private_key"},
+{ERR_PACK(0,STORE_F_STORE_REVOKE_PUBLIC_KEY,0),	"STORE_revoke_public_key"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA STORE_str_reasons[]=
+	{
+{STORE_R_ALREADY_HAS_A_VALUE             ,"already has a value"},
+{STORE_R_FAILED_DELETING_CERTIFICATE     ,"failed deleting certificate"},
+{STORE_R_FAILED_DELETING_KEY             ,"failed deleting key"},
+{STORE_R_FAILED_DELETING_NUMBER          ,"failed deleting number"},
+{STORE_R_FAILED_GENERATING_CRL           ,"failed generating crl"},
+{STORE_R_FAILED_GENERATING_KEY           ,"failed generating key"},
+{STORE_R_FAILED_GETTING_CERTIFICATE      ,"failed getting certificate"},
+{STORE_R_FAILED_GETTING_KEY              ,"failed getting key"},
+{STORE_R_FAILED_GETTING_NUMBER           ,"failed getting number"},
+{STORE_R_FAILED_LISTING_CERTIFICATES     ,"failed listing certificates"},
+{STORE_R_FAILED_LISTING_KEYS             ,"failed listing keys"},
+{STORE_R_FAILED_REVOKING_CERTIFICATE     ,"failed revoking certificate"},
+{STORE_R_FAILED_REVOKING_KEY             ,"failed revoking key"},
+{STORE_R_FAILED_STORING_CERTIFICATE      ,"failed storing certificate"},
+{STORE_R_FAILED_STORING_KEY              ,"failed storing key"},
+{STORE_R_FAILED_STORING_NUMBER           ,"failed storing number"},
+{STORE_R_NOT_IMPLEMENTED                 ,"not implemented"},
+{STORE_R_NO_DELETE_NUMBER_FUNCTION       ,"no delete number function"},
+{STORE_R_NO_DELETE_OBJECT_FUNCTION       ,"no delete object function"},
+{STORE_R_NO_GENERATE_CRL_FUNCTION        ,"no generate crl function"},
+{STORE_R_NO_GENERATE_OBJECT_FUNCTION     ,"no generate object function"},
+{STORE_R_NO_GET_OBJECT_FUNCTION          ,"no get object function"},
+{STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION   ,"no get object number function"},
+{STORE_R_NO_LIST_OBJECT_END_FUNCTION     ,"no list object end function"},
+{STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION    ,"no list object next function"},
+{STORE_R_NO_LIST_OBJECT_START_FUNCTION   ,"no list object start function"},
+{STORE_R_NO_REVOKE_OBJECT_FUNCTION       ,"no revoke object function"},
+{STORE_R_NO_STORE                        ,"no store"},
+{STORE_R_NO_STORE_OBJECT_FUNCTION        ,"no store object function"},
+{STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION ,"no store object number function"},
+{STORE_R_NO_VALUE                        ,"no value"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_STORE_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_STORE,STORE_str_functs);
+		ERR_load_strings(ERR_LIB_STORE,STORE_str_reasons);
+#endif
+
+		}
+	}
--- a/crypto/store/str_lib.c
+++ b/crypto/store/str_lib.c
--- a/crypto/store/str_locl.h
+++ b/crypto/store/str_locl.h
+/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_LOCL_H
+#define HEADER_STORE_LOCL_H
+
+#include <openssl/store.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct store_method_st
+	{
+	char *name;
+
+	/* All the functions return a positive integer or non-NULL for success
+	   and 0, a negative integer or NULL for failure */
+
+	/* Initialise the STORE with private data */
+	STORE_INITIALISE_FUNC_PTR init;
+	/* Initialise the STORE with private data */
+	STORE_CLEANUP_FUNC_PTR clean;
+	/* Generate an object of a given type */
+	STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
+	/* Get an object of a given type.  This function isn't really very
+	   useful since the listing functions (below) can be used for the
+	   same purpose and are much more general. */
+	STORE_GET_OBJECT_FUNC_PTR get_object;
+	/* Store an object of a given type. */
+	STORE_STORE_OBJECT_FUNC_PTR store_object;
+	/* Modify the attributes bound to an object of a given type. */
+	STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
+	/* Revoke an object of a given type. */
+	STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
+	/* Delete an object of a given type. */
+	STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
+	/* List a bunch of objects of a given type and with the associated
+	   attributes. */
+	STORE_START_OBJECT_FUNC_PTR list_object_start;
+	STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
+	STORE_END_OBJECT_FUNC_PTR list_object_end;
+	STORE_END_OBJECT_FUNC_PTR list_object_endp;
+	/* Store-level function to make any necessary update operations. */
+	STORE_GENERIC_FUNC_PTR update_store;
+	/* Store-level function to get exclusive access to the store. */
+	STORE_GENERIC_FUNC_PTR lock_store;
+	/* Store-level function to release exclusive access to the store. */
+	STORE_GENERIC_FUNC_PTR unlock_store;
+
+	/* Generic control function */
+	STORE_CTRL_FUNC_PTR ctrl;
+	};
+
+struct store_st
+	{
+	const STORE_METHOD *meth;
+	/* functional reference if 'meth' is ENGINE-provided */
+	ENGINE *engine;
+
+	CRYPTO_EX_DATA ex_data;
+	int references;
+	};
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
--- a/crypto/store/str_mem.c
+++ b/crypto/store/str_mem.c
+/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include "str_locl.h"
+
+struct mem_object_data_st
+	{
+	STORE_OBJECT *object;
+	STORE_ATTR_INFO *attr_info;
+	int references;
+	};
+
+struct mem_data_st
+	{
+	STACK *data;		/* A stack of mem_object_data_st,
+				   potentially sorted with a wrapper
+				   around STORE_ATTR_INFO_cmp(). */
+	unsigned int compute_components : 1; /* Currently unused, but can
+						be used to add attributes
+						from parts of the data. */
+	};
+
+struct mem_ctx_st
+	{
+	int type;		/* The type we're searching for */
+	STACK *search_attributes; /* Sets of attributes to search for.
+				     Each element is a STORE_ATTR_INFO. */
+	int search_index;	/* which of the search attributes we found a match
+				   for, -1 when we still haven't found any */
+	int index;		/* -1 as long as we're searching for the first */
+	};
+
+static int mem_init(STORE *s);
+static void mem_clean(STORE *s);
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]);
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM attributes[]);
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+	STORE_OBJECT *data, OPENSSL_ITEM attributes[]);
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]);
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM attributes[]);
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM attributes[]);
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
+static int mem_list_end(STORE *s, void *handle);
+static int mem_list_endp(STORE *s, void *handle);
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]);
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]);
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)());
+
+static STORE_METHOD store_memory =
+	{
+	"OpenSSL memory store interface",
+	mem_init,
+	mem_clean,
+	mem_generate,
+	mem_get,
+	mem_store,
+	mem_modify,
+	NULL, /* revoke */
+	mem_delete,
+	mem_list_start,
+	mem_list_next,
+	mem_list_end,
+	mem_list_endp,
+	NULL, /* update */
+	mem_lock,
+	mem_unlock,
+	mem_ctrl
+	};
+
+const STORE_METHOD *STORE_Memory(void)
+	{
+	return &store_memory;
+	}
+
+static int mem_init(STORE *s)
+	{
+	return 1;
+	}
+
+static void mem_clean(STORE *s)
+	{
+	return;
+	}
+
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[])
+	{
+	STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
+	return 0;
+	}
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM attributes[])
+	{
+	void *context = mem_list_start(s, type, attributes);
+	
+	if (context)
+		{
+		STORE_OBJECT *object = mem_list_next(s, context);
+
+		if (mem_list_end(s, context))
+			return object;
+		}
+	return NULL;
+	}
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+	STORE_OBJECT *data, OPENSSL_ITEM attributes[])
+	{
+	STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+	return 0;
+	}
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[])
+	{
+	STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+	return 0;
+	}
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM attributes[])
+	{
+	STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
+	return 0;
+	}
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+	OPENSSL_ITEM attributes[])
+	{
+	struct mem_ctx_st *context =
+		(struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+	void *attribute_context = NULL;
+	STORE_ATTR_INFO *attrs = NULL;
+
+	if (!context)
+		{
+		STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	memset(context, 0, sizeof(struct mem_ctx_st));
+
+	attribute_context = STORE_parse_attrs_start(attributes);
+	if (!attribute_context)
+		{
+		STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+		goto err;
+		}
+
+	while((attrs = STORE_parse_attrs_next(attribute_context)))
+		{
+		if (context->search_attributes == NULL)
+			{
+			context->search_attributes =
+				sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare);
+			if (!context->search_attributes)
+				{
+				STOREerr(STORE_F_MEM_LIST_START,
+					ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			}
+		sk_push(context->search_attributes,(char *)attrs);
+		}
+	if (!STORE_parse_attrs_endp(attribute_context))
+		goto err;
+	STORE_parse_attrs_end(attribute_context);
+	context->search_index = -1;
+	context->index = -1;
+	return context;
+ err:
+	if (attribute_context) STORE_parse_attrs_end(attribute_context);
+	mem_list_end(s, context);
+	return NULL;
+	}
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
+	{
+	int i;
+	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+	struct mem_object_data_st key = { 0, 0, 1 };
+	struct mem_data_st *store =
+		(struct mem_data_st *)STORE_get_ex_data(s, 1);
+	int srch;
+	int cres = 0;
+
+	if (!context)
+		{
+		STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	if (!store)
+		{
+		STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+		return NULL;
+		}
+
+	if (context->search_index == -1)
+		{
+		for (i = 0; i < sk_num(context->search_attributes); i++)
+			{
+			key.attr_info =
+				(STORE_ATTR_INFO *)sk_value(context->search_attributes, i);
+			srch = sk_find_ex(store->data, (char *)&key);
+
+			if (srch >= 0)
+				{
+				context->search_index = srch;
+				break;
+				}
+			}
+		}
+	if (context->search_index < 0)
+		return NULL;
+	
+	key.attr_info =
+		(STORE_ATTR_INFO *)sk_value(context->search_attributes,
+			context->search_index);
+	for(srch = context->search_index;
+	    srch < sk_num(store->data)
+		    && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,
+				 (STORE_ATTR_INFO *)sk_value(store->data, srch)));
+	    srch++)
+		;
+
+	context->search_index = srch;
+	if (cres)
+		return ((struct mem_object_data_st *)sk_value(store->data,
+				srch))->object;
+	return NULL;
+	}
+static int mem_list_end(STORE *s, void *handle)
+	{
+	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+	if (!context)
+		{
+		STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if (context && context->search_attributes)
+		sk_free(context->search_attributes);
+	if (context) OPENSSL_free(context);
+	return 1;
+	}
+static int mem_list_endp(STORE *s, void *handle)
+	{
+	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+	if (!context
+		|| context->search_index == sk_num(context->search_attributes))
+		return 1;
+	return 0;
+	}
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[])
+	{
+	return 1;
+	}
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[])
+	{
+	return 1;
+	}
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)())
+	{
+	return 1;
+	}
--- a/crypto/store/str_meth.c
+++ b/crypto/store/str_meth.c
+/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/buffer.h>
+#include "str_locl.h"
+
+STORE_METHOD *STORE_create_method(char *name)
+	{
+	STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+
+	if (store_method)
+		memset(store_method, 0, sizeof(*store_method));
+	store_method->name = BUF_strdup(name);
+	return store_method;
+	}
+
+/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
+   (that is, it hasn't been allocated using STORE_create_method(), you deserve
+   anything Murphy can throw at you and more!  You have been warned. */
+void STORE_destroy_method(STORE_METHOD *store_method)
+	{
+	if (!store_method) return;
+	OPENSSL_free(store_method->name);
+	store_method->name = NULL;
+	OPENSSL_free(store_method);
+	}
+
+int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)
+	{
+	sm->generate_object = generate_f;
+	return 1;
+	}
+
+int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)
+	{
+	sm->get_object = get_f;
+	return 1;
+	}
+
+int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)
+	{
+	sm->store_object = store_f;
+	return 1;
+	}
+
+int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+	{
+	sm->revoke_object = revoke_f;
+	return 1;
+	}
+
+int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+	{
+	sm->delete_object = delete_f;
+	return 1;
+	}
+
+int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)
+	{
+	sm->list_object_start = list_start_f;
+	return 1;
+	}
+
+int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)
+	{
+	sm->list_object_next = list_next_f;
+	return 1;
+	}
+
+int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)
+	{
+	sm->list_object_end = list_end_f;
+	return 1;
+	}
+
+int STORE_method_set_update_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)
+	{
+	sm->update_store = update_f;
+	return 1;
+	}
+
+int STORE_method_set_lock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)
+	{
+	sm->lock_store = lock_f;
+	return 1;
+	}
+
+int STORE_method_set_unlock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)
+	{
+	sm->unlock_store = unlock_f;
+	return 1;
+	}
+
+int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)
+	{
+	sm->ctrl = ctrl_f;
+	return 1;
+	}
+
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)
+	{
+	return sm->generate_object;
+	}
+
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
+	{
+	return sm->get_object;
+	}
+
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
+	{
+	return sm->store_object;
+	}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)
+	{
+	return sm->revoke_object;
+	}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)
+	{
+	return sm->delete_object;
+	}
+
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)
+	{
+	return sm->list_object_start;
+	}
+
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)
+	{
+	return sm->list_object_next;
+	}
+
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
+	{
+	return sm->list_object_end;
+	}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_function(STORE_METHOD *sm)
+	{
+	return sm->update_store;
+	}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_function(STORE_METHOD *sm)
+	{
+	return sm->lock_store;
+	}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_function(STORE_METHOD *sm)
+	{
+	return sm->unlock_store;
+	}
+
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
+	{
+	return sm->ctrl;
+	}
+
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -273,6 +273,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
+$crypto.=" crypto/store/store.h";

 my $symhacks="crypto/symhacks.h";